Researchers say Thai pro-democracy activists hit with spyware


BANGKOK (AP) — Cybersecurity researchers on Monday reported details of cases where Thai activists involved in the country’s pro-democracy protests had their cellphones or other devices infected and attacked with government-sponsored spyware.

Investigators from internet watchdog groups Citizen Lab, Internet Law Reform Dialogue, or iLaw, and Digital Reach said at least 30 people – including activists, academics and people working with civil society groups – have been targeted by one or more anonymous government entities for surveillance with Pegasus, spyware produced by Israel-based cybersecurity firm NSO Group.

Reports from both groups named many of those targeted, confirming previous surveillance reports, which Citizen Lab’s John Scott-Railton says show governments are exploiting their ability to buy technology designed to fight crime and terrorism to spy on critics and other private citizens.

“Citizen Lab believes there is a fundamental challenge for civil society,” Citizen Lab’s John Scott-Railton said in an online presentation during a briefing in Bangkok.

The attacks on the individuals’ devices took place from October 2020 to November 2021, a time “very relevant to specific Thai political events” since they took place during the period when pro-democracy protests broke out across the country.

But Scott-Railton said Citizen Lab, which exposes digital espionage campaigns and insecure software, thought there was still an active Pegasus operator in Thailand.

Those whose devices were attacked were either involved in the 2020-2021 protests or publicly critical of the Thai monarchy. Lawyers who defended the activists were also subject to such digital surveillance, the researchers said.

Pegasus spyware is known for its “zero-click exploits”, meaning it can be installed on a target’s phone remotely without the target having to click on links or download any software.

The spyware can obtain all device data, including contact lists and group chats, making it highly effective against political groups and movements, Scott-Railton said.

NSO Group products, including Pegasus software, are generally licensed only to government intelligence and law enforcement agencies to investigate terrorism and serious crimes, according to the company’s website. Citizen Lab and other cybersecurity researchers have tracked the spyware in 45 countries.

In a separate report on Monday, human rights group Amnesty International reiterated its call for a global moratorium on the sale of spyware.

“Illegal targeted surveillance of human rights defenders and civil society is a tool of repression. It’s time to crack down on this industry that continues to operate in the shadows,” Amnesty Tech Deputy Director Danna Ingleton said in a statement.

NSO Group has dismissed accusations that its spyware contributed to the murder of Saudi journalist Jamal Khashoggi, perhaps the most high-profile case to date. It maintains that its sales go through a rigorous ethics vetting process and that Pegasus spyware is sold to governments for security purposes only.

In November, the US government blacklisted NSO Group, and Apple sued the company and notified the victims of Pegasus. Facebook sued NSO Group for using a somewhat similar exploit that allegedly intruded through its world-famous encrypted messaging app WhatsApp.

The reports from Citizen Lab and iLaw do not accuse any specific government actor, but say that the use of Pegasus indicates the presence of a government operator. When news that dissidents had been targeted first surfaced in November 2021, the government denied the allegations.

Apple said it sought a permanent injunction to prohibit the NSO Group from using any Apple software, service or device to “prevent further abuse and harm to its users”.

Apple’s notifications to customers of spyware infections are a crucial part of a defense strategy against such digital surveillance, Scott-Railton said.

“Apple did something remarkable by notifying recipients of this alleged targeting. If you look at the infection online, it stopped after notification from Apple,” he said. “It was a very consequential thing.”

Cybersecurity experts have said that turning off and restarting a device can interrupt the spyware’s digital connection. Security updates have also helped close vulnerabilities exploited by these attackers.

“The layering of defenses on devices is very important,” Scott-Railton said. “Anything is better than nothing.”

But the spyware is constantly being updated, and it’s designed to be hard to spot, making monitoring easier for governments that have found it a useful tool in suppressing dissent.

Thailand’s student-led pro-democracy movement ramped up its activities in 2020, largely in reaction to the military’s continued influence in government and hyper-royalist sentiment.

The movement was able to attract crowds of up to 20,000 to 30,000 people in Bangkok in 2020 and had followers in major cities and universities.

“There is long-standing evidence showing the presence of Pegasus in Thailand, indicating that the government likely would have had access to Pegasus during the time period in question,” researchers said in the report. The more than 30 people targeted were also “of intense interest to the Thai government”.

In 2014, the military overthrew an elected government, and coup leader Prayuth Chan-ocha was named prime minister after a 2019 general election brought a military-backed political party to power. The protesters campaigned for Prayuth and his government to step down and demanded reforms to make the monarchy more accountable and change the constitution to make it more democratic.


AP Technology Writer Zen Soo reported from Hong Kong.

